IGNITE 

Frequently Asked Questions


 

 

What is Spoofing?

Email spoofing is sending an email as someone else in attempt to “phish” or trick someone into thinking the email is from someone it is not. There are a few different methods used; 

“Spoof” name

Example

Prevention

Impersonated domains

jim@facebook.com


SPF, DKIM

Domain look-alikes

jim@facedook.com


Reverse DNS

Fake domains

jim@notarealdomain.com


Reverse DNS

Impersonation of internal user

jim@yourcompany.com

Internal Authentication, Internal SPF

 
 

I received one or more emails from emailSpoofTest.com, what is my exposure?
 


The security exposure is shown below:

 

Email Received

Prevention

Exposure

Email 1 -SPF set to reject all, DKIM set but not used, DMARC configured

SPF, DKIM, DMARC enforcement

If you received “Email 1” your email system does not protect you from forged emails from any other site. Sites could email you impersonating any site on the web.


Email 2 -DKIM set but not used, SPF not configured

DKIM enforcement

If you received “Email 2” your email system does not protect you from sites that only DKIM sign their emails. Someone could forge an email in this manner and send it to you without a DKIM signature and your users would likely never know.


Email 3 – SPF set to reject all, DKIM not configured

SPF enforcement

If you received “Email 3” your email system does not protect you from email coming from fake senders. Anyone can send mail to you as anyone.


Email 4 -email from you, to you

Internal Authentication, Internal SPF enforcement

If you received “Email 4” your email system does not protect you from an outside entity impersonating a user internal to your company.


Email 5 -invalid domain name, no SPF, no DKIM

Reverse DNS lookups on email

If you received “Email 5” your email system does not protect you from “look-alike” or non-existent domains.



*Note: The tests performed by emailSpoofTest.com are not "all inclusive" and only represent some of the common mis-configurations possible with email. This site makes no guarantees or promises of any type!

 


I didn't receive any email from emailSpoofTest.com, am I safe?

First off, a little CYA; you are never safe and by using this site you are not safer, nor proving you are safe from anything in any way. This is simply a test tool to help you figure out how exposed (not safe) you might be.

Sometimes the email can take a few minutes to get delivered but typically our emails are delivered within 10 minutes. If its slow, its probably you, not us. Our end of the operation is very fast and simple. If this site stops working correctly please let us know... it may be that some "fun" person is trying to ruin things for us (quite possible) by DDoSing or trying to use our servers to relay SPAM... BOOOO!!! Its not hard to do, you won't be impressing us if you do it... we will know who you are and we won't like you. 

If you did not receive any of our emails, this is not an indicator that you are protected... just like a pregnancy test, a negative result does not mean you are not pregnant (exposed in this case) but a positive result definitely means you are pregnant or exposed. (No Randy, not even a "little bit pregnant") Check SPAM and other protection mechanisms. 

If you received one of our test emails then your systems are very likely vulnerable

If you received one of these emails in your SPAM your systems are very likely vulnerable.

 



What are you doing with my email address?

This page does not collect email addresses but you should know that emails sent to sites with DMARC configured will receive a failure report if an email was sent from an IP not listed in SPF. Cumulative and forensic DMARC rejection reports will be sent by your email system if it is configured to do so. Also, the email you send to your account will be recorded in your email system. There is no way to get around these things as this is the way email works.

 
 


 
  More info on SPF http://www.openspf.org/

More info on DKIM http://www.dkim.org/

More info on DMARC https://dmarc.org/
 
 
 

   This free test tool brought to you by the Cyber Warfare Research Team (CWRT)

 
     
 

 
     
 

 
 

 


(CWRT)


IGNITE